Advertisement

Give up Google, don't hit 'accept all': how to fight for your privacy

Elle Hunt
·8 min read

“If you’re reading this book, you probably already know your personal data is being collected, stored and analysed,” Carissa Véliz begins, in Privacy Is Power. Her challenge, as a writer and a privacy advocate, is to shake us out of our complacency; to persuade us to see this not as a necessary sacrifice in the digital age, but an intolerable invasion. From the mounting dread I felt while reading Privacy Is Power, I’d say she was successful.

From the moment you wake up and first check your phone, to the marketers that infer your mood from your music choices, to the smart speaker that shares your private conversations, or the television that listens in on them (from the terms and conditions of a Samsung smart TV: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured”), there is nowhere to hide – or even just be – in this hyper-connected hellscape. Corporations can track you both by your face and your digital footprint, your medical records may be handed over to Big Tech, and advertisers may learn of your break-up before you do. In her book, Véliz, a professor at the Institute for Ethics in AI at Oxford University, often veers into the second person, cleverly underscoring her point: it’s impossible not to picture yourself blindly navigating this horror, then you remember - you already are.

Your data may already be being used against you, says Véliz, with far-reaching implications for trust, equality, justice and democracy. “It doesn’t matter if you think you don’t need privacy,” she says. “Your society needs you to have privacy.”

Think twice before sharing. Before you post something, think how it might be used against you.

Respect others’ privacy. Ask for consent before you post a picture on social media. Facial recognition can identify you and others with or without a tag.

Don’t consent to the collection of your personal data on websites and apps. Assume all settings for products and services are privacy-unfriendly by default and change them.

Block cookies in your browser, especially cross-site tracking cookies.

Don’t use work email for purposes unrelated to work. Look for encryption, consider the country in which the provider is based.

Stop using Google as your main search engine. Privacy-friendly options include DuckDuckGo and Qwan

Use different browsers for different activities. Browsers do not share cookies between them. Brave is a browser designed with privacy in mind. Firefox and Safari, with the appropriate add-ons, are also good options.

Véliz’s introduction to the issue was deeply personal. In 2013, while researching her family history, she uncovered some surprising details about her late grandfather that she could only assume he had not wanted her to find out. “I started wondering whether I had a right to know all these things that my grandparents didn’t tell me.” That same summer, Edward Snowden made history by telling the world about mass surveillance at the NSA. “It was a very personal thing in the beginning,” says Véliz, “then I became very worried about our society, and it became a professional interest.”

In Japan last year, a man sexually assaulted a pop star, claiming he had found her by analysing reflections in her eyes in photos she had posted online

Privacy Is Power is a slim book on a vast, complex issue, made more powerful by Véliz accepting her limits. (“Facebook has violated our right to privacy so many times that a comprehensive account would merit a book in itself,” she writes.) It is highly readable, clearly laying out a problem that many of us have lost sight of. “When companies collect your data, it doesn’t hurt, you don’t feel the absence, you don’t see it physically,” Véliz says. “We’re having to learn as we have bad experiences.”

She writes of a Spanish woman, a victim of identity theft, who has spent years being pulled in and out of police stations and courtrooms for crimes committed in her name. “My life has been ruined,” the woman says, just one among nearly 225,000 such cases recorded in the UK last year alone. Last month, a Detroit man was wrongly arrested on the basis of a facial recognition algorithm. (“I guess the computer got it wrong,” one detective reportedly said.) In Japan last year, a man sexually assaulted a pop star, claiming he had identified her location by analysing reflections in her eyes in photos she had posted online. And Véliz describes a data scientist-in-training being tasked with investigating a stranger, simply for the exercise of it: “He ended up studying in depth some guy in Virginia who, he learned, had diabetes and was having an affair.”

The problem is hard to manage even within our civic institutions, who look to tech as the answer to everything, even when it is not fully understood (the exam results fiasco being a recent example). “When somebody says AI is ‘cutting edge’, many times what they are saying is, ‘We haven’t tested it enough to know if it works,’” says Véliz. “It shouldn’t be tested on an entire population without our knowledge, consent or compensation … We’re being treated as guinea pigs.”

Related: Government admits breaking privacy law with NHS test and trace

Privacy is Power is out just as the UK government has launched its new contact-tracing app. Véliz says there is little to suggest it will be effective – and certainly not without accompanying mass testing – because by the time people are alerted that they have come into contact with a confirmed case, they will have already infected others.

“The first app was a complete fiasco, and everybody knew it was going to be,” says Véliz. Whether the second is an improvement remains to be seen, but privacy and security risks are a certainty. Imperial College researchers estimate that trackers installed on the phones of just 1% of London’s population could account for the real-time location of more than half the city.

As history has shown, it is easier for governments to erode civil liberties at times of social upheaval, and many can’t be trusted with the information they collect; just this month, 18,000 people had personal information published online by mistake by Public Health Wales. “It’s very expensive to get tech right and most governments don’t have the money or expertise… we’re giving very sensitive data to institutions that are not capable of keeping it safe,” says Véliz. “We seem to be not ready for this kind of power.”

But misuse of our data is not the only threat to our privacy. Cooperation between public bodies and corporations – such as the border control contract awarded to Palantir, the tech firm assisting the Trump administration to deport migrants from the US; or the UK police’s support of Uber receiving a licence in exchange for its data – should be ongoing cause for concern. “It’s a public institution giving support to tech that might, on the whole, be detrimental to society,” says Véliz.

A tech specialist might have been tempted to focus on the whys and hows of our structural surveillance, in doing so (even inadvertently) affirming the need for it. Framed by a philosopher as an ethical question, it is obviously intolerable. “This isn’t publicity: this keeps me up at night,” she says.

Still, Véliz is adamant that there is reason to be hopeful. “People didn’t think the GDPR was going to be possible, they thought privacy was dead, it was a thing of the past – and obviously it’s not. I am very optimistic that this level of intrusion is not sustainable.” What she wants is for more people to exercise their agency over how their data is used, both to protect themselves and to send a bigger statement. Even the biggest tech companies depend on people’s cooperation, she points out: “If we look for privacy-friendly alternatives, they will thrive.”

She sets out practical steps for taking back control, such as swapping Google for privacy-friendly search engines such as DuckDuckGo, taping over your webcam when it is not in use, asking people for permission before posting about them online, using password managers and VPNs to obscure your IP address, and choosing “dumb” devices over “smart” ones. (Privacy Is Power has convinced me that Amazon Alexa offers no benefit sufficient to justify its sinister presence. Check the forecast yourself.)

“It’s a hard thing to do if you do everything, and if you do it perfectly – but you don’t have to do either to make a big difference,” says Véliz. Though regulation remains needed, it is refreshing to see practical solutions for a situation it is hard to not feel powerless about - as well as a reminder that this will continue unless we make it clear it’s unacceptable.

“We should be outraged. Companies are very worried about what people think. If people tweet about this, talk about it, choose better products, things can turn around in a matter of very few years,” Véliz says. Disingenuous it may be, but a recent Apple ad trumpeting the importance of privacy is proof that, at least, they know the public is concerned.

The first step towards revolution may simply be becoming more aware of how freely you hand over your data, and to whom. Did you need to click “yes” to that cookies pop-up? Should you tell all of Twitter where you are? Does your fridge really need to be connected to the internet? When asked for her email address, Véliz will often give noneofyourbusiness@privacy.com, “to make a point”.

  • Privacy Is Power: Why and How You Should Take Back Control of Your Data, by Carissa Véliz is published by Bantam Press. To order a copy, go to guardianbookshop.com.